| Message ID | 20211019000015.1666608-27-krisman@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | file system-wide error monitoring | expand |
On Tue, Oct 19, 2021 at 3:03 AM Gabriel Krisman Bertazi <krisman@collabora.com> wrote: > > struct fanotify_error_event, at least, is preallocated and isn't able to > to handle arbitrarily large file handles. Future-proof the code by > complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found. > > Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com> > --- > fs/notify/fanotify/fanotify.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c > index cedcb1546804..45df610debbe 100644 > --- a/fs/notify/fanotify/fanotify.c > +++ b/fs/notify/fanotify/fanotify.c > @@ -360,13 +360,23 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group, > static int fanotify_encode_fh_len(struct inode *inode) > { > int dwords = 0; > + int fh_len; > > if (!inode) > return 0; > > exportfs_encode_inode_fh(inode, NULL, &dwords, NULL); > + fh_len = dwords << 2; > > - return dwords << 2; > + /* > + * struct fanotify_error_event might be preallocated and is > + * limited to MAX_HANDLE_SZ. This should never happen, but > + * safeguard by forcing an invalid file handle. > + */ > + if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ)) > + return 0; > + > + return fh_len; > } > > /* > -- > 2.33.0 >
On Mon 18-10-21 21:00:09, Gabriel Krisman Bertazi wrote: > struct fanotify_error_event, at least, is preallocated and isn't able to > to handle arbitrarily large file handles. Future-proof the code by > complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found. > > Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > fs/notify/fanotify/fanotify.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c > index cedcb1546804..45df610debbe 100644 > --- a/fs/notify/fanotify/fanotify.c > +++ b/fs/notify/fanotify/fanotify.c > @@ -360,13 +360,23 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group, > static int fanotify_encode_fh_len(struct inode *inode) > { > int dwords = 0; > + int fh_len; > > if (!inode) > return 0; > > exportfs_encode_inode_fh(inode, NULL, &dwords, NULL); > + fh_len = dwords << 2; > > - return dwords << 2; > + /* > + * struct fanotify_error_event might be preallocated and is > + * limited to MAX_HANDLE_SZ. This should never happen, but > + * safeguard by forcing an invalid file handle. > + */ > + if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ)) > + return 0; > + > + return fh_len; > } > > /* > -- > 2.33.0 >
diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index cedcb1546804..45df610debbe 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c @@ -360,13 +360,23 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group, static int fanotify_encode_fh_len(struct inode *inode) { int dwords = 0; + int fh_len; if (!inode) return 0; exportfs_encode_inode_fh(inode, NULL, &dwords, NULL); + fh_len = dwords << 2; - return dwords << 2; + /* + * struct fanotify_error_event might be preallocated and is + * limited to MAX_HANDLE_SZ. This should never happen, but + * safeguard by forcing an invalid file handle. + */ + if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ)) + return 0; + + return fh_len; } /*
struct fanotify_error_event, at least, is preallocated and isn't able to to handle arbitrarily large file handles. Future-proof the code by complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found. Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com> --- fs/notify/fanotify/fanotify.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)